winston/infra
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: winston:e94b793bc73394666764fe2b27dc3bbb5e5e866b
Branches Tags
winston:main
...
compare: winston:df0cca66ae5bba2afc0f48d1894c6ffe622275bf
Branches Tags
winston:main

2 commits
e94b793bc7 ... df0cca66ae

Author SHA1 Message Date
winston
df0cca66ae
chore(nix): update lockfile
All checks were successful
/ check (push) Successful in 25m57s
Details
2024-09-19 00:20:22 +02:00
winston
20843a943b
fix: move stuff around after hardening security 2024-09-19 00:19:44 +02:00
4 changed files with 54 additions and 76 deletions
Show stats Expand all files Collapse all files

2
config/network.nix
View file

@ -11,12 +11,12 @@
openFirewall = true; openFirewall = true;
allowSFTP = false; allowSFTP = false;
challengeResponseAuthentication = false;
settings = { settings = {
AllowAgentForwarding = false; AllowAgentForwarding = false;
AllowStreamLocalForwarding = false; AllowStreamLocalForwarding = false;
AllowTcpForwarding = true; AllowTcpForwarding = true;
AuthenticationMethods = "publickey"; AuthenticationMethods = "publickey";
KbdInteractiveAuthentication = false;
KexAlgorithms = [ KexAlgorithms = [
"curve25519-sha256" "curve25519-sha256"
"curve25519-sha256@libssh.org" "curve25519-sha256@libssh.org"

2
config/users.nix
View file

@ -38,7 +38,7 @@ in
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.winston = { users.root = {
home.stateVersion = "23.11"; home.stateVersion = "23.11";
programs = { programs = {

118
flake.lock
View file

@ -27,9 +27,8 @@
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": [], "flake-compat": [],
"flake-parts": "flake-parts", "flake-parts": [
"flake-utils": [ "flake-parts"
"flake-utils"
], ],
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
@ -39,11 +38,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725300620, "lastModified": 1726069220,
"narHash": "sha256-IdM+pZ6BnmD3o1fTJZ2BD43k7dwi1BbVfLDLpM1nE5s=", "narHash": "sha256-dAUWlC8uMJX9iovycfvJcg5nm3PzqJIRAOwN4z322zM=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "attic", "repo": "attic",
"rev": "bea72d75b6165dfb529ba0c39cc6c7e9c7f0d234", "rev": "416687e59c4f0b32742423458cab2c5ff8fe748a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -100,36 +99,15 @@
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"attic",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1722555600, "lastModified": 1726153070,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1725234343,
"narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -143,11 +121,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1726560853,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -156,10 +134,35 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": [],
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1725513492,
"narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"pre-commit-hooks", "git-hooks",
"nixpkgs" "nixpkgs"
] ]
}, },
@ -184,11 +187,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1726592409,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,11 +203,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1725001927, "lastModified": 1726447378,
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -216,11 +219,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1725103162, "lastModified": 1726463316,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -230,42 +233,17 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": [],
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724857454,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"attic": "attic", "attic": "attic",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"git-hooks": "git-hooks",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"pre-commit-hooks": "pre-commit-hooks",
"satisfactory-server": "satisfactory-server", "satisfactory-server": "satisfactory-server",
"steam-fetcher": "steam-fetcher", "steam-fetcher": "steam-fetcher",
"valheim-server": "valheim-server" "valheim-server": "valheim-server"

8
flake.nix
View file

@ -95,7 +95,7 @@
}; };
}; };
imports = [ inputs.pre-commit-hooks.flakeModule ]; imports = [ inputs.git-hooks.flakeModule ];
systems = [ systems = [
"aarch64-darwin" "aarch64-darwin"
"aarch64-linux" "aarch64-linux"
@ -129,7 +129,7 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.nixpkgs-stable.follows = "nixpkgs"; inputs.nixpkgs-stable.follows = "nixpkgs";
inputs.flake-compat.follows = ""; inputs.flake-compat.follows = "";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-parts.follows = "flake-parts";
}; };
deploy-rs = { deploy-rs = {
url = "github:serokell/deploy-rs"; url = "github:serokell/deploy-rs";
@ -137,8 +137,8 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "flake-utils"; inputs.utils.follows = "flake-utils";
}; };
pre-commit-hooks = { git-hooks = {
url = "github:cachix/pre-commit-hooks.nix"; url = "github:cachix/git-hooks.nix";
inputs.flake-compat.follows = ""; inputs.flake-compat.follows = "";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.nixpkgs-stable.follows = "nixpkgs"; inputs.nixpkgs-stable.follows = "nixpkgs";